Changeset 27 for trunk/patSession/Storage.php
- Timestamp:
- 11/11/04 11:01:55 (4 years ago)
- Files:
-
- trunk/patSession/Storage.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/patSession/Storage.php
r26 r27 61 61 * - fix_browser 62 62 * - fix_referer 63 * - use_token 63 64 * 64 65 * @var array $_security list of checks that will be done. 65 66 */ 66 var $_security = array( 'fix_referer', 'fix_ip', 'fix_browser' );67 var $_security = array( 'fix_referer', 'fix_ip', 'fix_browser', 'use_token' ); 67 68 68 69 /** … … 278 279 $this->set( '_patSession_atime', null ); 279 280 $this->set( '_patSession_clientAddr', null ); 281 $this->set( '_patSession_clientForwarded', null ); 280 282 $this->set( '_patSession_clientBrowser', null ); 281 283 } … … 312 314 { 313 315 // referer must match server 314 preg_match( ' °https?://(.*)/°U', $_SERVER['HTTP_REFERER'], $match );316 preg_match( '|https?://(.*)/|U', $_SERVER['HTTP_REFERER'], $match ); 315 317 $ref = $match[1]; 316 318 … … 351 353 return false; 352 354 } 355 356 // some polite proxy server tell, for whom they forward the request for 357 if( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) 358 { 359 $forwarded = $this->get( '_patSession_clientForwarded' ); 360 361 if( $forwarded === null ) 362 { 363 $this->set( '_patSession_clientForwarded', $_SERVER['HTTP_X_FORWARDED_FOR'] ); 364 } 365 else if( $_SERVER['HTTP_X_FORWARDED_FOR'] !== $forwarded ) 366 { 367 $this->_state = 'fix_ip_failed'; 368 return false; 369 } 370 } 353 371 } 354 372
